Surge in mobile network infections affects millions of devices

Security threats to mobile devices continues its rapid rise, infecting at any time more than 11.6 million devices and putting their owners at increased risk for stolen personal and financial information; bill shock resulting from pirated data usage; and extortion in exchange for device control.

Meanwhile, the security threat to home networks remained constant with traditional “fixed” malware types starting to make the jump to mobile devices.

Figures for the 2013 fourth quarter and year from Alcatel-Lucent’s Kindsight subsidiary reveals that malware used by hackers to gain access to devices continues to rise with consumer ultra-broadband usage. In addition to the posed risks to consumers, malware is used to commit espionage and launch DoS attacks on businesses and governments.

The report found that mobile malware infections increased 20 percent in 2013, with 4G LTE devices being the most likely to be infected. Android devices accounted for 60% percent of total mobile network infections, which frequently took the form of trojanized applications downloaded from third party app stores, Google Play Store or by phishing scams.

Forty percent of mobile malware originated from Windows laptops tethered to a phone on connected directly through a mobile USB stick or MIFI hub. Infections on iPhone devices and BlackBerry devices made up less than 1 percent.

Highlights:

The mobile infection rate was 0.55 percent in the fourth quarter. Based on this, it is estimated that at any time over 11.6 mobile devices – mostly Android – are infected by malware.

The number of mobile malware samples grew 20 times in 2013.

The residential infection rate in fixed networks dropped from 9.6 percent in October to 8.7 percent in December. For the year, it remained relatively flat at 10 percent.

Six percent broadband residential customers were infected with high-level threats such as a bots, root-kits, and banking Trojans.

Although ZeroAccess malware topped all infections in the fourth quarter, its infection rate dropped from 0.8 percent to 0.4 percent due to Microsoft’s and Symantec’s efforts to disrupt its operations.

“Criminals traditionally go after low hanging fruit,” said Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs. “Not only is Android the largest smartphone market, unlike iPhone and Blackberry, it allows apps to be loaded from third party sites. This provides cybercriminals with an un-policed mechanism to distribute their malware which can easily evade detection by device- based anti-virus. Thus, in 2013 we saw an increased trend towards operators offering network based anti-virus security to subscribers as a service.”

2013 was also a year that saw mobile spyware turn infected smartphones and tablets into a cyber- espionage devices that allowed hackers to remotely track location, download contact lists and personal information, intercept and send messages, record conversation and take pictures.